Watchguard: Security Vulnerabilities
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Hotspot Shield. By creating a junction, an attacker can abuse the application to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23478.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-12-30
Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows and the WatchGuard Single Sign-On Client on Windows and MacOS allows Authentication Bypass.This issue affects the Authentication Gateway: through 12.10.2; Windows Single Sign-On Client: through 12.7; MacOS Single Sign-On Client: through 12.5.4.
CVSS Score
9.1
EPSS Score
0.014
Published
2024-09-25
Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with network access to execute restricted management commands.
This issue affects Authentication Gateway: through 12.10.2.
CVSS Score
9.1
EPSS Score
0.003
Published
2024-09-25
Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands. An attacker with network access to the client could create a denial of service condition for the Single Sign-On service by repeatedly issuing malformed commands.
This issue affects Single Sign-On Client: through 12.7.
CVSS Score
7.5
EPSS Score
0.005
Published
2024-09-25
A local privilege escalation vlnerability in the WatchGuard Mobile VPN with SSL client on Windows enables a local user to execute arbitrary commands with elevated privileged.
CVSS Score
7.8
EPSS Score
0.002
Published
2024-07-09
A buffer overflow in WatchGuard Fireware OS could may allow an authenticated remote attacker with privileged management access to execute arbitrary code with system privileges on the firewall.
This issue affects Fireware OS: from 11.9.6 through 12.10.3.
CVSS Score
7.2
EPSS Score
0.003
Published
2024-07-09
DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
CVSS Score
7.6
EPSS Score
0.021
Published
2024-05-06
An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on Windows by sending a crafted message to a named pipe.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-10-05
An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive capabilities by adding a registry key as SYSTEM.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-10-05
An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to enable or disable defensive capabilities by sending a crafted message to a named pipe.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-10-05
Page 1